Weber & Gulick / TT3763 



1/73 



PROCESSOR 
102 



100 



MEMORY 
106 



NORTH BRIDGE 
104 



AGP 
108 



PCI 
110 



LPC BUS 
118 \^ 




Fig. 1A 
(Prior Art) 



Weber & Gulick / TT3763 



! 



2/73 



SOUTH BRIDGE 
112 

RTC BATTERY WELL1 25 



CLOCK CIRCUIT 
128 



CPU 
INTERFACE 
132 



PCI BUS 
INTERFACE 
LOGIC 
134A 



IDE 
INTERFACE 
LOGIC 
134B 




RTC RAM 126B 



CLOCK DATA 
129 



POWER/SYSTEM 
MANAGEMENT 
133 



USB 
INTERFACE 
LOGIC 
134C 



LPC 
INTERFACE 
LOGIC 
134D 



Fig. 1B 
(Prior Art) 



Weber & Gulick / TT3763 



3/73 ^ 135 



POWER SUPPLY INITIALIZATION POWER SUPPLY GENERATES A POWER 
GOOD SIGNAL TO THE NORTH BRIDGE 136 



i 

UP RECEIVING THE POWER GOOD SIGNAL, THE SOUTH BRIDGE STOPS 
ASSERTING THE RESET SIGNAL FOR THE PROCESSOR 138 



THE PROCESSOR READS THE DEFAULT JUMP LOCATION, USUALLY AT 

FFFFOh 140 



THE PROCESSOR JUMPS TO THE BIOS CODE LOCATION IN THE ROM BIOS, 
COPIES THE BIOS CODE TO RAM. AND BEGINS PROCESSING BIOS CODE 

INSTRUCTIONS FROM RAM 142 



BIOS CODE PERFORMS POWER ON SELF TEST (POST) 144 



I 

BIOS CODE LOOKS FOR ADDITIONAL BIOS CODE, SUCH AS VIDEO @ COOOh 
AND ATA/IDE HARD DRIVE BIOS CODE @ C800h, AND DISPLAYS A START-UP 

INFORMATION SCREEN 146 



BIOS CODE PERFORMS ADDITIONAL SYSTEM TESTS, SUCH AS THE RAM 
COUNT-UP TEST, AND SYSTEM INVENTORY, SUCH AS IDENTIFYING COM 

AND LPT PORTS 148 



BIOS CODE IDENTIFIES PLUG-N-PLAY AND OTHER SIMILAR DEVICES AND 
DISPLAYS A SUMMARY SCREEN 150 



▼ 

BIOS CODE IDENTIFIES THE BOOT LOCATION 152 



BIOS CODE CALLS THE BOOT SECTOR CODE TO BOOT THE COMPUTER 

SYSTEM 154 



Fig. 2A 
(Prior Art) 



Weber & Gulick / TT3763 



4/73 

/170 



INTERRUPT CONTROLLER RECEIVES A REQUEST FOR SYSTEM 

MANAGEMENT MODE (SM M) 172 

1 

INTERRUPT CONTROLLER SIGNALS THE REQUEST FOR SMM TO THE 
PROCESSOR BY ASSERTING THE SYSTEM MANAGEMENT INTERRUPT (SMi#) 

SIGNAL 174 



±_ 

PROCESSOR RECOGNIZES THE REQUEST FOR SMM AND ASSERTS THE SMI 

ACTIVE (SMIACT#) SIGNAL 176 



SYSTEM RECOGINIZES THE SMIACT# SIGNAL, DISABLES ACCESS TO RAM, 
AND ENABLES ACCESS TO SYSTEM MANAGEMENT RAM (SMRAM) SPACE 

178 



I 

CURRENT PROCESSOR STATE IS SAVED TO SMRAM 180 



PROCESSOR RESETS TO SMM DEFAULT STATE AND ENTERS SMM 182 

PROCESSOR READS DEFAULT POINTER AND JUMPS INTO SMRAM SPACE 

184 



STATUS REGISTERS ARE CHECKED TO IDENTIFY THE SMI REQUEST 186 



SMI HANDLER SERVICES THE SMI REQUEST 188 



1 



SMI HANDLER ISSUES RETURN FROM SMM (RSM) INSTRUCTION TO 

PROCESSOR 190 



1 



PROCESSOR RESTORES SAVED STATE INFORMATION AND CONTINUES 

NORMAL OPERATION 192 



Fig. 2B 
(Prior Art) 



Weber & Gulick / TT3763 



5/73 



USER 
INPUT/ 
OUTPUT 
205 



200 



APPLICATIONS 
210 



CRYPTOGRAPHY 
SERVICE 
PROVIDERS 
215 



API 
CALLS 
220 



DRIVERS 
225 



SECURE 
lEXECUTION 

y BOX 

260 



HARDWARE 
230 



L 



Fig. 3 



Weber & Gulick / TT3763 



6/73 



SOUTH BRIDGE 
330 



SECURITY 
HARDWARE 
370 



IC 
365 



LPC 
BIL 
134D 



USB 
INTERFACE 
LOGIC 
134C 



TO 

PROCESSOR 
102 



LPC BUS 
118^ 



CRYPTO 
PROCESSOR 
305 



MEMORY 
PERMISSION 
TABLE 
310 



BIOMETRIC 
DEVICE 
320 



USB HUB 
315 




SMART CARD 
READER 
325 



Fig. 4 



Weber & Gulick / TT3763 



7/73 



SOUTH BRIDGE 
330A 



REQ 



SMM 
INITIATOR 
425A 



SMM 



REQ 



10 
365 



MAILBOX 
RAM 
415 



SMM 
ACCESS 
FILTERS 

410 



I/O 



SMM ACCESS CONTROLLER 402A 



EXIT 
SMM 
404 



CONTROL 
LOGIC 
420A 



DURATION 
TIMER 
406A 



SMM 
INDICATOR 
405 



SMI# 



SMIACT# 



KICK-OUT 
TIMER 
407A 



RESTART 
TIMER 
408 



SMM TIMING CONTROLLER 401 A 



SECURITY 
HARDWARE 
370A 



Fig. 5A 



Weber & Gulick / TT3763 



8/73 



SMM 
INITIATION 
REGISTER 

425B 



SOUTH BRIDGE 
330B 

REQ 



\ 

EXIT 
SMM 
404 



SMM 



REQ 



CONTROL 
LOGIC 
420B 



IC 
365 



MAILBOX 
RAM 
415 



SMM 
ACCESS 
FILTERS 

410 



I/O 



SMM ACCESS CONTROLLER 402B 



SECURITY 
HARDWARE 
370B 



DURATION/ 
KICK-OUT 
TIMER 
407B 



SMM 
INDICATOR 
405 



SMI#_ 
SMIACT# 



RESTART 
TIMER 
408 



SMM TIMING CONTROLLER 401 B 



Fig. 5B 



Weber & Gulick / TT3763 



9/73 



SOUTH BRIDGE 
330C 



RNG 
455 



SCRATCHPAD 
RAM 
440 



SMM ACCESS CONTROLLER 402 



410 



ACCESS LOCKS 460 



MONOTONIC 
COUNTER 
435A 



J 



TOO 
COUNTER 
430 



CONTROL 
LOGIC 
420 



SMM 
MANAGEMENT 
REGISTERS 470 



OAR 
LOCKS 
450 



SMM 
TIMING 
CONTROLLER 
401 



OAR 
OVERRIDE 
445 



SECURITY 
HARDWARE 
370C 



Fig. 6 



Weber & Gulick / TT3763 



10/73 



LPC BUS 
118 



\ 



CRYPTO 
PROCESSOR 
305 

SECRET 
610A 



SMM ROM 
550 



Fig. 7A 



BIOS ROM 
355 



EXTENDED BIOS 555 




BIOS ROM 
355 




SMM ROM 
550 











Fig. 7B 



Weber & Gulick / TT3763 



11/73 



PROTECTED 
STORAGE 
605A 



RANDOM 
NUMBER 
GENERATOR 
455 



INTERFACE 
LOGIC 
602 



ACCESS 
LOGIC 
609A 



LOCK 
REGISTER 
606 



SECRET 
610B 



CODE 
STORAGE 
607 



DATA 
STORAGE 
608A 



Fig. 7C 



Weber & Gulick / TT3763 



12/73 



CRYPTO 
PROCESSOR 
305 



SECRET 
61 OA 



PROTECTED 
STORAGE 
605B 




SECRET 
610B 



CODE 
STORAGE 
607 



DATA 
STORAGE 
608A 



Fig. 7D 



Weber & Gulick / TT3763 



13/73 



BIOS ROM 
355 








SECRET 
610C 




PRIVATE MEMORY 
606 



Fig. 8A 



Weber & Gulick / TT3763 



14/73 



SMM ROM 
550 



SECRET 
610D 



PUBLIC 0 
625 



SMM ROM 0 
615 



PUBLIC 1 
630 



SMM ROM 1 
616 



RESERVED 
635 



SMM ROM 2 
617 



REGISTERS 
640 



MONOTONIC 
COUNTER 
435B 



Fig. 8B 



Weber & Gulick / TT3763 



15/73 



PROCESSOR 
805 



SMM EXIT 
CONTROLLER 
806 



SMM 
MSR 
807 



800A 



LOCAL 
BUS 
808 ^ 



MEMORY 
106 



SMIACT# 



NORTH BRIDGE 
810 



MEMORY 
CONTROLLER 
815 



PCI 
^110 



SOUTH BRIDGE 
330 



SCRATCHPAD 
RAM 
440 



SMM TIMING 
CONTROLLER 
401 



Fig. 9A 



Weber & Gulick / TT3763 



16/73 



PROCESSOR 
805 



SMM EXIT 
CONTROLLER 
806 



SMM 
MSR 
807 



LOCAL 
BUS^ 
808 



MEMORY 
106 



800B 



EXIT 
SMM 
SIGNAL 
404 



NORTH BRIDGE 
810 



MEMORY 
CONTROLLER 
815 



PCI 
110 



SMIACT# 



SOUTH BRIDGE 
330 



SCRATCHPAD 
RAM 
440 



SMM TIMING 
CONTROLLER 
401 



Fig. 9B 



Weber & Gulick / TT3763 



17/73 




YES 



i 

INITIATE KICK-OUT TIMER 910 



NO 




YES 



i 

TRANSMIT SIGNAL TO PROCESSOR TO 
EXIT SMM PRIOR TO FINISHING SERVICING 
THE SMI REQUEST THAT PUT THE 
COMPUTER SYSTEM INTO SMM 920 



PROCESSOR SAVES STATE OF SMM 
SESSION AND EXITS SMM 925 



Fig. 10A 



Weber & Gulick / TT3763 




ASSERT SMI REQUEST TO PROCESSOR 1020 


1 





PROCESSOR ENTERS SMM AND LOOKS FOR AN ENTRY 
INDICATING THAT A PREVIOUS SMM SESSION WAS ENDED 
PRIOR TO FINISHING 1025 



PREVIOUS SMM 
lESSION UNFINISHED^ 
1030 



START NEW SMM 
SESSION 1035 



-YES^ 



READ SAVED STATUS OF 
PREVIOUS SMM SESSION 
1040 



CONTINUE PREVIOUS 
SMM SESSION 1045 



i 



Fig. 10B 



Weber & Gulick / TT3763 



19/73 



1100A 



CHECK THE RTC CHECKSUM 
1105 




INSPECT MONOTONIC COUNTER IN SMM ROM 1115 



VALUE STORED IN 
MONOTONIC COUNTER IN SMM ROM EQUAL 
JO RESET VALUE? 1120A^ 



IDENTIFY VALUE STORED IN MONOTONIC 
COUNTER IN SMM ROM 1125A 



YES 



UPDATE VALUE STORED IN MONOTONIC 
COUTNER IN SMM ROM BY SMALLEST 
INCREMENT 1135A 



UPDATE VALUE STORED 
IN MONOTONIC COUNTER 

IN SMM ROM TO 
SMALLEST INCREMENTAL 
VALUE 1130A 



( ) 
Fig. 11A 



Weber & Gulick / TT3763 



20/73 



1100B 




RTC CHECKSUM VALID? 1110 



NO 



INSPECT MONOTONIC COUNTER IN SMM ROM 1115 



ALL VALUES IN 
MONOTONIC COUNTER IN SMM ROM EQUAL 
TO ONE? 1120B 



-NG- 



IDENTIFY HIGHEST NUMBERED BYTE 
WITH A ZERO IN A MOST SIGNIFICANT 
BIT 1125B 



YES 



UPDATE NEXT HIGHEST NUMBERED 
BYTE WITH A ZERO IN A NEXT MOST 
SIGNIFICANT BIT 1135B 



YES 



UPDATE FIRST BYTE WITH 
A ZERO AS THE LEAST 
SIGNIFICANT BIT 1130B 




Fig. 11B 



Weber & Gulick / TT3763 



21/73 




3. 



INSPECT MONOTONIC COUNTER IN SMM ROM 1210 



NO 



VALUE STORED IN 
MONOTONIC COUNTER IN SMM ROM EQUAL 
TO RESET VALUE? 1215A 



IDENTIFY VALUE STORED IN MONOTONIC 
COUNTER IN SMM ROM 1220A 



YES 
_l 



UPDATE VALUE STORED IN MONOTONIC 
COUTNER IN SMM ROM BY SMALLEST 
INCREMENT 1230A 



UPDATE VALUE STORED 
IN MONOTONIC COUNTER 

IN SMM ROM TO 
SMALLEST INCREMENTAL 
VALUE 1225A 



Fig. 12A 



Weber & Gulick / TT3763 



22/73 



1200B 



NO 



ALL VALUES IN 
MONOTONIC COUNTER IN SOUTH BRIDGE EQUAL 
TO ONE? 1205B 



INSPECT MONOTONIC COUNTER IN SMM ROM 1210 



ALL VALUES IN 
MONOTONIC COUNTER IN SMM ROM EQUAL 
TO ONE? 1215B 



YES 



IDENTIFY HIGHEST NUMBERED BYTE 
WITH A ZERO IN A MOST SIGNIFICANT 
BIT 1220B 



UPDATE NEXT HIGHEST NUMBERED 
BYTE WITH A ZERO IN A NEXT MOST 
SIGNIFICANT BIT 1230B 



I 



UPDATE FIRST BYTE WITH 
A ZERO AS THE LEAST 
SIGNIFICANT BIT 1225B 



Fig. 12B 



Weber & Gulick / TT3763 



23/73 



1300A 



RECEIVE REQUEST FOR A VALUE IN THE MONOTONIC COUNTER 

1305 



REQUEST A VALUE FROM THE MONOTONIC COUNTER IN 
THE SOUTH BRIDGE 1310 



UPDATE VALUE IN MONOTONIC COUNTER IN SOUTH BRIDGE 

1315 



CHECK UPDATED VALUE FROM THE MONOTONIC COUNTER IN 
THE SOUTH BRIDGE FOR ROLLOVER VALUE 1320 




-¥E6 



NO 



UPDATE VALUE IN THE MONOTONIC 
COUNTER IN THE SMM ROM 1330 



J 



PROVIDE UPDATED VALUE FROM MONOTONIC COUNTER IN 
SOUTH BRIDGE 1335 



Fig. 13A 



Weber & Gulick / TT3763 



24/73 




B 



1300B 





f 


REQUEST A VALUE FROM THE MONOTONIC COUNTER 
INTHESMMROM 1340 






RECEIVE THE VALUE FROM THE MONOTONIC COUNTER 
INTHESMMROM 1345 




f 


COMBINE THE VALUE FROM THE MONOTONIC COUNTER 
IN THE SOUTH BRIDGE WITH THE VALUE FROM THE MONOTONIC 
COUNTER IN THE SMM ROM 1350 




r 


PROVIDE THE COMBINED VALUE IN RESPONSE TO THE 
REQUEST FOR THE VALUE FROM THE MONOTONIC COUNTER 

1355 







Fig. 13B 



Weber & Gulick / TT3763 



25/73 



PERFORMANCE 
REGISTERS 
1405 



REG 1405N 



REG 1405E 



REG 1405D 



REG 1405C 



REG 1405B 



REG 1405A 



1406 







ENTROPY 
REGISTER 
1410 












C 


REQ 




ENTROPY 












CONTROL 








RN 




UNIT 
1415 





RNG 455A 



Fig. 14A 



Weber & Gulick / TT3763 



26/73 



PERFORMANCE 
REGISTERS 
1405 



REG 1405N 



REG 1405E 



REG 1405D 



REG 1405C 



REG 1405B 



REG 1405A 



RN 



805B 



--^-^'^ 1406 



ENTROPY 
REGISTER 
1410 



CLK 



RNG 455B 



Fig. 14B 



Weber & Gulick / TT3763 



27/73 



CLK 1505 



2l 



SYSTEM RESET 



READ STROBE 



-y- 

8 



D/A 
1520 



VCO 
1525 



1507 



2L 



1508^ 



IN 

SAMPLE 
&HOLD 
, 1530 

OUT 



> 


OUT 


LFSR8 1515 


IN RO 


7:0] 



/8 



ROO 




R07 


1514A 




1514H 



IN 

CRC32 
1535 

OUT 



7^ 



SELF 
TEST 
1511 



TEST_OK 
"CT506 



3> 



32 
GND^^ 



MUX 
1545 

SEL 



RST 



COUNTER 
1540 

FULL 



RN[31:0] 
M510 



DONE 



M509 



RNG 4550 



Fig. 15 



Weber & Gulick / TT3763 



28/73 



1600A 



THE PROCESSOR EXECUTES BIOS CODE INSTRUCTIONS FROM SMM SPACE 

IN THE RAM 1620 



I 



BIOS CODE PERFORMS POWER ON SELF TEST (POST) 1625 



ACCESSING THE SECURITY HARDWARE 1630 



OPTIONALLY ENTER BIOS MANAGEMENT MODE 1632 



BIOS CODE LOOKS FOR ADDITIONAL BIOS CODE, SUCH AS VIDEO @ COOOh 
AND ATA/IDE HARD DRIVE BIOS CODE @ CSOOh. AND DISPLAYS A START-UP 

INFORMATION SCREEN 1635 



BIOS CODE PERFORMS ADDITIONAL SYSTEM TESTS. SUCH AS THE RAM 
COUNT-UP TEST. AND SYSTEM INVENTORY. SUCH AS IDENTIFYING COM 

AND LPT PORTS 1640 



BIOS CODE IDENTIFIES PLUG-N-PLAY AND OTHER SIMILAR DEVICES AND 
DISPLAYS A SUMMARY SCREEN 1645 



CLOSING THE ACCESS LOCKS TO THE SECURITY HARDWARE 1650 



i 

BIOS CODE IDENTIFIES THE BOOT LOCATION 1655 



BIOS CODE CALLS THE BOOT SECTOR CODE TO BOOT THE COMPUTER 

SYSTEM 1660 



Fig. 16A 



Weber & Gulick / TT3763 



29/73 

^ 1600B 



OPENING THE ACCESS LOCKS TO THE SECURITY HARDWARE 1615 



THE PROCESSOR EXECUTES BIOS CODE INSTRUCTIONS FROM SMM SPACE 

IN THE RAM 1620 



ACCESSING THE SECURITY HARDWARE 1630 



V 



OPTIONALLY ENTER BIOS MANAGEMENT MODE 1632 



BIOS CODE LOOKS FOR ADDITIONAL BIOS CODE, SUCH AS VIDEO @ COOOh 
AND ATA/IDE HARD DRIVE BIOS CODE @ C800h, AND DISPLAYS A START-UP 

INFORMATION SCREEN 1635 



BIOS CODE IDENTIFIES PLUG-N-PLAY AND OTHER SIMILAR DEVICES AND 
DISPLAYS A SUMMARY SCREEN 1645 

1 



CLOSING THE ACCESS LOCKS TO THE SECURITY HARDWARE 1650 



BIOS CODE IDENTIFIES THE BOOT LOCATION 1655 



i 

BIOS CODE CALLS THE BOOT SECTOR CODE TO BOOT THE COMPUTER 

SYSTEM 1660 



Fig. 16B 



Weber & Gulick / TT3763 





Fig. 16C 



Weber & Gulick / TT3763 



31/73 



1600D 



PROCESSOR OPERATES OUTSIDE OF SMM 1604 



CODE EXECUTING ON THE PROCESSOR ATTEMPTS TO ACCESS THE 
SECURITY HARDWARE 1606 




ACCESS THE SECURITY HARDWARE 1630 



IF NECESSARY, CLOSE THE ACCESS LOCKS TO THE SECURITY HARDWARE 

1650 



T 




Fig. 16D 



Weber & Gulick / TT3763 



32/73 




1 


YES 


CHANGE LOCK TO ALLOW ACCESS TO THE REQUESTED SECURITY 

HARDWARE 1694 







Fig. 16E 



Weber & Gulick / TT3763 



33/73 

1600F 



THE PROCESSOR LOADS CODE INSTRUCTIONS INTO SMM SPACE IN THE 

RAM 1605 



OPENING THE ACCESS LOCKS TO THE SECURITY HARDWARE 1615 



I 

THE PROCESSOR EXECUTES SMM CODE INSTRUCTIONS FROM SMM SPACE 

IN THE RAM 1620 



21 



ACCESSING THE SECURITY HARDWARE 1630 



CLOSING THE ACCESS LOCKS TO THE SECURITY HARDWARE 1650 



THE PROCESSOR RELOADS THE PREVIOUS STATE AND CONTINUES 

OPERATING 1665 



Fig, 16F 



I 



Weber & Gulick / TT3763 



34/73 



1600G 



THE PROCESSOR LOADS CODE INSTRUCTIONS INTO SMM SPACE IN THE 

RAM 1605 




THE PROCESSOR EXECUTES SMM CODE INSTRUCTIONS FROM SMM SPACE 

IN THE RAM 1620 



I 

ACCESSING THE SECURITY HARDWARE 1630 



CLOSING THE ACCESS LOCKS TO THE SECURITY HARDWARE 1650 



i 

THE PROCESSOR RELOADS THE PREVIOUS STATE AND CONTINUES 

OPERATING 1665 



Fig. 16G 



Weber & Gulick / TT3763 



35/73 



460A 



460B 



SEQUESTER BIT 
REGISTER 1705 



Fig. 17A 



SEQUESTER REGISTERS 1710 



Fig, 17B 



ACCESS LOCKS 460C 




ONE OR MORE SEQUESTER 






REGISTERS 1715A 








ONE OR MORE SEQUESTER 






REGISTERS 1715B 




• 
• 
• 




ONE OR MORE SEQUESTER 






REGISTERS 1715N 




• 


• 
• 



OAR OVERRIDE 445 




OAR 






LOCK 






OVERRIDE 






BIT 






1750 








CHANGE 






OAR 






LOCK 






OVERRIDE 






BIT 






1755 







Fig. 17C 



Fig. 17D 



Weber & Gulick / TT3763 



36/73 



STARTS 



1 


r 


ONE OR MORE 
INSTRUCTIONS FOR 
EXECUTION IN SMM 1835A 


1 


r 



1800A 



STOP 
1895 



Fig. 18A 
PRIOR ART 



START 
1805 



1800B 



ONE OR MORE 
INSTRUCTIONS FOR 
EXECUTION IN SMM 1835B 




ONE OR MORE 
INSTRUCTIONS FOR 
EXECUTION IN SMM 1880 



STOP 
1895 



Fig. 18B 



Weber & Gulick / TT3763 



37/73 



START 
1805 

\ 



1800C 



RECEIVE A REQUEST TO ENTER SMM 1810 



SAVE SYSTEM STATE 1815 




LOAD REQUESTED DEFAULT SMM 
STATE 1825 



LOAD SAVED SMM STATE 1830 



EXECUTE LOADED SMM STATE 1835 




SAVE CURRENT SMM STATE 1850 



EXIT SMM 1855 



I 

-Z. 



RELOAD SAVED SYSTEM STATE 1860 



STOP 
1895 



Fig. 18C 



Weber & Gulick / TT3763 



38/73 



PROCESSOR 
805 



CONTROL 
LOGIC 
3010 



BOOT 
SWITCH 



3000A 




CRYPTO 
PROCESSOR 
305 




SOUTH BRIDGE 
330 



B 



OTHER 
HARDWARE 
3015A 



OTHER 
HARDWARE 
301 5B 



Fig, 19A 



Weber & Gulick / TT3763 



39/73 



3000B 



PROCESSOR 


805 






LPC 






BIL 






134D 





LOCAL 
BUS^ 
808 



NORTH BRIDGE 
810 




CONTROL 
LOGIC - 
3010 









PCI 




^110 


SOUTH BRIDGE 


330 




LPC 




BIL - 




134D 







BOOT 
SWITCH 
/ 3005 

O 



LPC BUS 
SEGMENT 
^3018 



LPC BUS 
118 



Q 



\ 



B 



Fig. 19B 



CRYPTO 
PROCESSOR 
305 



BIOS 
355 



Weber & Gulick / TT3763 



40/73 



PROCESSOR 
805 



CONTROL 
LOGIC 
3010 



LOCAL 
BUS- 
808 



3000C 



BOOT 
SWITCH 
^ 3005 



NORTH BRIDGE 
810 



CRYPTO 
PROCESSOR 
305 



BIOS 
355 





PCI 






SOUTH BRIDGE 


330 




LPC 




BIL - 




134D 







a. 



LPC BUS 
118 



\ 



B 



Fig. 19C 



Weber & Gulick / TT3763 



41/73 



PROCESSOR 



HDTEN 
3115 



RESET 



3125 



HDT RESET 
► LOGIC 
3120A 



NVRAM 
3130 



805A 



HDT 
CONTROL 
LOGIC 
3110A 



HDT 
INPUTS 
3105 



Fig. 20A 



HDTENLK 
3135 



HDTEN 
3115 



I 



RESET 
3"125^ 



HDT RESET 
LOGIC 
3120B 



PROCESSOR 
805B 



HDT 
CONTROL 
LOGIC 
3110B 



HDT 
INPUTS 
3105 



3140/ 



^3145 



Fig. 20B 



Weber & Gulick / TT3763 



42/73 



MLE 
3160 



PROCESSOR 
805C 



R ESET 
3125-^ 



MLE RESET 
LOGIC 
3165 



MICROCODE 
CONTROL 
LOGIC 
3155 



-7^ 



MC 
INPUTS 
3150 



Fig. 20C 



PROCESSOR 
805D 



LOCK 
REGISTER 
3180 



-7^ 



CONTROL/ 
RESET 
LOGIC 
3175 



INPUTS 
3170 



Fig. 20D 



Weber & Gulick / TT3763 



43/73 



3200 



RECEIVE REQUEST TO INITIATE HDT MODE 3205 



DETERMINE HDT MODE ENABLE STATUS 3210 




YES 



INITIATE HDT MODE 3220 




Fig. 21 



Weber & Gulick / TT3763 



44/73 



3300 




REQUEST AUTHORIZATION TO CHANGE 
HDT MODE LOCK STATUS 3320 




CHANGE HDT MODE LOCK STATUS 3330 



CHANGE HDT MODE ENABLE STATUS 3335 



RECEIVE REQUEST TO CHANG 

33 


IE HDT MODE ENABLE STATUS 
05 




r 


DETERMINE HDT MODE LOCK STATUS 3310 



Fig. 22 



Weber & Gulick / TT3763 



45/73 



3400 



RECEIVE REQUI 
MICROCODE UPC 


r 

EST TO INITIATE 
)ATE MODE 3405 







DETERMINE MICROCODE UPDATE MODE STATUS 3410 




YES 



INITIATE MICROCODE UPDATE MODE 3420 



Fig. 23 



Weber & Gulick / TT3763 



46/73 



3500 



RECEIVE REQUEST TO CHANGE 
MICROCODE UPDATE MODE STATUS 3505 



DETERMINE MICROCODE UPDATE LOCK STATUS 3510 




YES 



REQUEST AUTHORIZATION TO CHANGE 
MICROCODE UPDATE LOCK STATUS 3520 




CHANGE MICROCODE UPDATE LOCK STATUS 3530 



CHANGE MICROCODE UPDATE MODE STATUS 3535 



Fig. 24 



Weber & Gulick / TT3763 



47/73 



^ 3600A 



A SECURITY DEVICE RECEIVES A TRANSACTION REQUEST FOR A STORAGE 
LOCATION ASSOCIATED WITH A STORAGE DEVICE CONNECTED TO THE 

SECURITY DEVICE 3605A 



THE SECURITY DEVICE PROVIDES ACCESS CONTROL FOR THE STORAGE 

DEVICE 3610A 



THE SECURITY DEVICE MAPS THE STORAGE LOCATION IN THE 
TRANSACTION REQUEST ACCORDING TO THE ADDRESS MAPPING OF THE 

STORAGE DEVICE 3615A 



THE SECURITY DEVICE PROVIDES THE TRANSACTION REQUEST TO THE 

STORAGE DEVICE 3620A 



I 

THE STORAGE DEVICE PERFORMS THE REQUESTED TRANSACTION 3625A 



Fig, 25A 
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^ 3600B 



A CRYPTO-PROCESSOR RECEIVES A TRANSACTION REQUEST FOR A 
MEMORY LOCATION ASSOCIATED WITH A MEMORY CONNECTED TO THE 

CRYPTO-PROCESSOR 3605B 



THE CRYPTO-PROCESSOR PROVIDES ACCESS CONTROL FOR THE 

MEMORY 3610B 



THE CRYPTO-PROCESSOR MAPS THE MEMORY LOCATION IN THE 
TRANSACTION REQUEST ACCORDING TO THE ADDRESS MAPPING OF THE 

MEMORY 361 58 



THE CRYPTO-PROCESSOR PROVIDES THE TRANSACTION REQUEST TO THE 

MEMORY 3620B 



1 

THE MEMORY PERFORMS THE REQUESTED TRANSACTION 3625B 



Fig. 25B 
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361 OA 



THE SECURITY DEVICE DETERMINES IF A LOCK IS IN PLACE FOR THE 

STORAGE LOCATION 3705 




YES 



I 

THE SECURITY DEVICE PROVIDES A CHALLENGE IN RESPONSE TO THE 
TRANSACTION REQUEST FOR THE STORAGE LOCATION ASSOCIATED WITH 
A STORAGE DEVICE CONNECTED TO THE SECURITY DEVICE 3715 



I 

THE SECURITY DEVICE RECEIVES A RESPONSE TO THE CHALLENGE 3720 



THE SECURITY DEVICE EVALUATES THE RESPONSE BY COMPARING THE 
RESPONSE TO AN EXPECTED RESPONSE 3725 



END 




THE SECURITY DEVICE PROVIDES THE TRANSACTION REQUEST TO THE 

STORAGE DEVICE 3735 



Fig. 26 
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STORE A SECRET IN A STORAGE DEVICE (e.g. A MEMORY) 3805 



STORE DATA IN THE STORAGE DEVICE 3810 



STORE CODE IN THE STORAGE DEVICE 3815 



READ THE SECRET FROM THE STORAGE DEVICE (e.g. AT BOOT TIME) 3820 



STORE THE SECRET IN A SECURE LOCATION (e.g. IN SMM SPACE) 3825 






READ THE CODE FROM THE STORAGE DEVICE 3830 






STORE THE CODE IN THE SECURE LOCATION 3835 






LOCK A LOCK TO SECURE THE STORAGE DEVICE 3840 






READ DATA FROM THE STORAGE DEVICE 3845 



SUBMIT THE SECRET OR AN INDICATION THEREOF 
TO THE STORAGE DEVICE 3850 



USE THE CODE TO SUBMIT THE SECRET (OR THE INDICATION) 
TO THE STORAGE DEVICE 3855 



UNLOCK THE LOCK SECURING THE STORAGE DEVICE 3860 

Fig. 27 
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3900 



A REQUESTOR MAKES AN ACCESS REQUEST 3905 



A GATEKEEPER RECEIVES THE ACCESS REQUEST AND PROVIDES A 
CHALLENGE TO THE REQUESTOR TO AUTHENTICATE THE REQUESTOR'S 
AUTHORITY TO MAKE THE ACCESS REQUEST 3910 



THE REQUESTOR RECEIVES THE CHALLENGE AND PROVIDES A RESPONSE 
TO THE CHALLENGE TO AUTHENTICATE THE REQUESTOR'S AUTHORITY TO 
MAKE THE ACCESS REQUEST 3915 



THE GATEKEEPER RECEIVES THE RESPONSE TO THE CHALLENGE AND 
COMPARES THE RESPONSE TO AN EXPECTED RESPONSE 3920 




THE GATEKEEPER APPROVES THE ACCESS REQUEST 3930 



Fig. 28 
(Prior Art) 
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PROCESSOR 
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Fig. 29B 
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SYSTEM 
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^4100A 



A BIOMETRIC DATA TRANSACTION IS REQUESTED INVOLVING A BIOMETRIC 

DEVICE 4110 



A NONCE OR RANDOM NUMBER IS PROVIDED TO THE BIOMETRIC DEVICE 

4115 



THE BIOMETRIC DEVICE RESPONDS TO THE DATA TRANSACTION REQUEST 
WITH THE REQUESTED BIOMETRIC DATA AND THE RESULT OF A HASH 
USING A SECRET AND THE NONCE OR RANDOM NUMBER 4120A 



THE RESULT OF THE HASH USING THE SECRET AND THE NONCE OR 
RANDOM NUMBER IS COMPARED TO AN EXPECTED VALUE FOR THE 
RESULT OF THE HASH 4125A 



▼ 




YES 



REJECT THE TRANSMITTED 
BIOMETRIC DATA 4135 



ACCEPT THE TRANSMITTED 

BIOMETRIC DATA AS THE 
REQUESTED BIOMETRIC DATA 
4140 



Fig. 30A 
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4100B 



A BIOMETRIC DATA TRANSACTION IS REQUESTED INVOLVING A BIOMETRIC 

DEVICE 4110 



A NONCE OR RANDOM NUMBER IS PROVIDED TO THE BIOMETRIC DEVICE 

4115 



THE BIOMETRIC DEVICE RESPONDS TO THE DATA TRANSACTION REQUEST 
WITH THE REQUESTED BIOMETRIC DATA IN ENCRYPTED FORM AND THE 
RESULT OF A HASH USING A SECRET AND THE NONCE OR RANDOM 

NUMBER 4120B 



THE RESULT OF THE HASH USING THE SECRET AND THE NONCE OR 
RANDOM NUMBER IS COMPARED TO AN EXPECTED VALUE FOR THE 
RESULT OF THE HASH 4125B 



NO 




REJECT THE TRANSMITTED 
BIOMETRIC DATA 4135 



YES 



ACCEPT THE TRANSMITTED 

BIOMETRIC DATA AS THE 
REQUESTED BIOMETRIC DATA 
4140 



Fig. SOB 
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' 4200A 



A MASTER DEVICE IN THE COMPUTER SYSTEM ESTABLISHES A SECRET 
WITH A DEVICE IN THE COMPUTER SYSTEM DURING A TRUSTED SET-UP 

4205 



A DATA TRANSACTION IS REQUESTED INVOLVING THE DEVICE IN THE 
COMPUTER SYSTEM THAT KNOWS THE SECRET 4210 



A NONCE OR RANDOM NUMBER IS PROVIDED TO THE DEVICE IN THE 
COMPUTER SYSTEM THAT KNOWS THE SECRET 4215 



THE DEVICE RESPONDS TO THE DATA TRANSACTION REQUEST WITH 
EITHER THE REQUESTED DATA AND A RESULT OF A HASH USING THE 
SECRET AND THE NONCE OR RANDOM NUMBER OR THE RESULT OF THE 

HASH 4220A 



THE RESULT OF THE HASH USING THE SECRET AND THE NONCE OR 
RANDOM NUMBER IS COMPARED TO AN EXPECTED VALUE FOR THE 
RESULT OF THE HASH 4225 




REJECT THE TRANSMITTED 
DATA OR DO NOT SENT THE 
DATA 4235 



ACCEPT THE TRANSMITTED 
DATA AS THE REQUESETED 
DATA OR SEND THE DATA 
4240A 



Fig, 31A 
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4200B 



A MASTER DEVICE IN THE COMPUTER SYSTEM ESTABLISHES A SECRET 
WITH A DEVICE IN THE COMPUTER SYSTEM DURING A TRUSTED SET-UP 

4205 



A DATA TRANSACTION IS REQUESTED INVOLVING THE DEVICE IN THE 
COMPUTER SYSTEM THAT KNOWS THE SECRET 4210 



A NONCE OR RANDOM NUMBER IS PROVIDED TO THE DEVICE IN THE 
COMPUTER SYSTEM THAT KNOWS THE SECRET 4215 



THE DEVICE RESPONDS TO THE DATA TRANSACTION REQUEST BY EITHER 
ENCRYPTING THE REQUESTED DATA USING THE SECRET AND THE NONCE 
OR RANDOM NUMBER AND TRANSMITTING THE ENCRYPTED DATA AND A 
RESULT OF A HASH USING THE SECRET AND THE NONCE OR RANDOM 
NUMBER OR TRANSMITTING THE RESULT OF THE HASH 4220B 



THE RESULT OF THE HASH USING THE SECRET AND THE NONCE OR 
RANDOM NUMBER IS COMPARED TO AN EXPECTED VALUE FOR THE 
RESULT OF THE HASH 4225 




REJECT THE TRANSMITTED 
DATA OR DO NOT SENT THE 
DATA 4235 



ACCEPT THE TRANSMITTED 
DATA AS THE REQUESETED 
DATA OR ENCRYPT USING THE 
SECRET AND THE NONCE OR 
RANDOM NUMBER AND SEND 
THE ENCRYPTED DATA 4240B 



Fig. 31 B 



Weber & Gulick / TT3763 



59/73 ^4300A 



A MASTER DEVICE IN THE COMPUTER SYSTEM READS THE GUID FOR A 
DEVICE IN THE COMPUTER SYSTEM AND RECORDS THE GUID IN A GUID 
TABLE DURING A TRUSTED SET-UP 4305 



A DATA TRANSACTION IS REQUESTED INVOLVING THE DEVICE IN THE 
COMPUTER SYSTEM WITH THE KNOWN GUID 4310 



A NONCE OR RANDOM NUMBER IS PROVIDED TO THE DEVICE IN THE 
COMPUTER SYSTEM WITH THE KNOWN GUID 4315 



THE DEVICE RESPONDS TO THE DATA TRANSACTION REQUEST WITH THE 
REQUESTED DATA AND A RESULT OF A HASH USING THE GUID AND THE 
NONCE OR RANDOM NUMBER OR THE RESULT OF THE HASH 4320A 



THE RESULT OF THE HASH USING THE GUID AND THE NONCE OR RANDOM 
NUMBER IS COMPARED TO AN EXPECTED VALUE FOR THE RESULT OF THE 

HASH 4325 




YES 



REJECT THE TRANSMITTED 
DATA OR DO NOT SENT THE 
DATA 4335 



ACCEPT THE TRANSMITTED 
DATA AS THE REQUESETED 
DATA OR SEND THE DATA 
4340A 



Fig. 32A 
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4300B 



A MASTER DEVICE IN THE COMPUTER SYSTEM READS THE GUID FOR A 
DEVICE IN THE COMPUTER SYSTEM AND RECORDS THE GUID IN A GUID 
TABLE DURING A TRUSTED SET-UP 4305 



A DATA TRANSACTION IS REQUESTED INVOLVING THE DEVICE 
COMPUTER SYSTEM WITH THE KNOWN GUID 4310 



THE 



A NONCE OR RANDOM NUMBER IS PROVIDED TO THE DEVICE 
COMPUTER SYSTEM WITH THE KNOWN GUID 4315 



THE 



THE DEVICE RESPONDS TO THE DATA TRANSACTION REQUEST BY 
ENCRYPTING THE REQUESTED DATA USING THE GUID AND THE NONCE OR 
RANDOM NUMBER AND TRANSMITTING THE ENCRYPTED DATA AND A 
RESULT OF A HASH USING THE GUID AND THE NONCE OR RANDOM 
NUMBER OR TRANSMITTING THE RESULT OF THE HASH 4320B 



THE RESULT OF THE HASH USING THE GUID AND THE NONCE OR RANDOM 
NUMBER IS COMPARED TO AN EXPECTED VALUE FOR THE RESULT OF 

THE HASH 4325 




REJECT THE TRANSMITTED 
DATA OR DO NOT SENT THE 
DATA 4335 



ACCEPT THE TRANSMITTED 
DATA AS THE REQUESETED 
DATA OR ENCRYPT USING 
GUID AND THE NONCE AND 
SEND THE ENCRYPTED DATA 
4340B 



Fig. 32B 
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A MASTER DEVICE IN THE COMPUTER SYSTEM READS THE GUID FOR A 
DEVICE IN THE COMPUTER SYSTEM. RECORDS THE GUID IN A GUID TABLE, 
AND TRANSMITS A SECRET TO THE DEVICE DURING A TRUSTED SET-UP 

4306 



A DATA TRANSACTION IS REQUESTED INVOLVING THE DEVICE IN THE 
COMPUTER SYSTEM WITH THE KNOWN GUID THAT KNOWS THE SECRET 

4311 



A NONCE OR RANDOM NUMBER IS PROVIDED TO THE DEVICE IN THE 
COMPUTER SYSTEM WITH THE KNOWN GUID THAT KNOWS THE SECRET 

4316 



THE DEVICE RESPONDS TO THE DATA TRANSACTION REQUEST BY 
ENCRYPTING THE REQUESTED DATA USING THE SECRET, THE GUID, AND 
THE NONCE OR RANDOM NUMBER AND TRANSMITTING THE 
ENCRYPTED DATA AND A RESULT OF A HASH USING THE SECRET, THE 
GUID, AND THE NONCE OR RANDOM NUMBER OR TRANSMITTING THE 

RESULT OF THE HASH 4320C 



THE RESULT OF THE HASH USING THE SECRET, THE GUID, AND THE NONCE 
OR RANDOM NUMBER IS COMPARED TO AN EXPECTED VALUE FOR THE 

RESULT OF THE HASH 4326 




YES 



REJECT THE TRANSMITTED 
DATA OR DO NOT SENT THE 
DATA 4335 



Fig, 32C 



ACCEPT THE TRANSMITTED 
DATA AS THE REQUESETED 
DATA OR ENCRYPT USING THE 
SECRET, THE GUID, AND THE 
NONCE AND SEND THE 
ENCRYPTED DATA 4340C 
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A MASTER DEVICE IN THE COMPUTER SYSTEM READS THE GUID FOR A 
DEVICE IN THE COMPUTER SYSTEM AND RECORDS THE GUID IN A GUID 
TABLE DURING A TRUSTED SET-UP 4405 



1 

THE DEVICE MAY RECEIVE A SYSTEM 

STORE THE SYS 


GUID FROM THE MASTER DEVICE AND 
)TEM GUID 4410 


1 





THE DEVICE SETS A INTRODUCED BIT IN RESPONSE TO JOINING THE 

COMPUTER SYSTEM 4415 



THE DEVICE RECEIVES A TRANSACTION REQUEST FROM THE COMPUTER 
SYSTEM AND THE DEVICE CHECKS IF ITS INTRODUCED BIT IS SET 4420 





NO 


THE DEVICE DOES NOT 
FULFILL THE TRANSACTION 
REQUESTOR DO NOT 
RESPOND TO THE 
TRANSACTION REQUEST 4430 




NO 




THE DEVICE MAY REQUEST 
AUTHENTICATION FROM THE 
COMPUTER SYSTEM USING A SECRET 
(e.g. THE GUID AND/OR THE SYSTEM 
GUID) BEFORE RESPONDING TO THE 
TRANSACTION REQUEST 4435 




THE DEVICE FULFILLS THE 
TRANSACTION REQUEST 4445 



YES 



Fig. 33 
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^4500 



THE DEVICE OR THE MASTER DEVICE INITIATES A REQUEST FOR THE 
DEVICE TO LEAVE THE COMPUTER SYSTEM 4505 



t 

THE DEVICE AND THE MASTER DEVICE AUTHENTICATE EACH OTHER USING 
THE GUID AND/OR THE SYSTEM QUID IN RESPONSE TO THE REQUEST FOR 
THE DEVICE TO LEAVE THE COMPUTER SYSTEM 4510 

1 

THE DEVICE RESETS THE INTRODUCED BIT IN RESPONSE TO THE DEVICE 
AND THE MASTER DEVICE SUCCESSFULLY AUTHENTICATING EACH OTHER 

4515 



Fig. 34 



^4600 



THE DEVICE RECEIVING A COMMAND FOR THE DEVICE TO LEAVE THE 

COMPUTER SYSTEM 4605 



▼ 

THE DEVICE RECEIVING A MAINTENANCE KEY THAT SUCCESSFULLY 

AUTHENTICATES 4610 



I 

THE DEVICE RESETS THE INTRODUCED BIT IN RESPONSE TO THE DEVICE 
RECEIVING THE MAINTENANCE KEY THAT SUCCESSFULLY AUTHENTICATES 

4615 



Fig. 35 
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^4800 

TRANSMIT A MASTER MODE SIGNAL TO BUS INTERFACE LOGIC 
CONNECTED BETWEEN MASTER MODE LOGIC AND A DATA INPUT DEVICE, 
WHERE THE BUS INTERFACE LOGIC INCLUDES A MASTER MODE REGISTER 

4805 

i 

SET A MASTER MODE BIT IN THE MASTER MODE REGISTER(S) TO 
ESTABLISH SECURE TRANSMISSION CHANNEL BETWEEN THE MASTER 
MODE LOGIC AND THE DATA INPUT DEVICE OUTSIDE THE OPERATING 
SYSTEM OF THE COMPUTER SYSTEM 4810 

i 

THE MASTER MODE LOGIC AND THE DATA INPUT DEVICE EXCHANGE DATA 
OUTSIDE THE OPERATING SYSTEM OF THE COMPUTER SYSTEM THROUGH 
THE BUS INTERFACE LOGIC(S) THAT INCLUDE THE MASTER MODE 

REGISTER 4815 

1 

THE MASTER MODE LOGIC FLUSHES THE BUFFERS OF THE BUS INTERFACE 
LOGIC(S) THAT INCLUDE THE MASTER MODE REGISTER AFTER 
CONCLUDING THE DATA TRANSMISSIONS 4820 



z 

THE MASTER MODE LOGIC SIGNALS THE BUS INTERFACE LOGIC(S) TO 
UNSET THE MASER MODE BITS AFTER FLUSHING THE BUFFERS OF THE 
BUS INTERFACE LOGIC(S) THAT INCLUDE THE MASTER MODE REGISTER 

4825 



Fig. 37 
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4900A 



THE PROCESSOR EXECUTES BIOS CODE INSTRUCTIONS FROM SMM SPACE 

4920 



ACCESSING THE SECURITY HARDWARE 4930 



REQUEST AUTHENTICATION FROM THE CRYPTO-PROCESSOR USING 

MASTER MODE 4935A 



z 

PLACE BUS INTERFACE LOGICS IN MASTER MODE 4938 



z 

RECEIVE AUTHENTICATION DATA WHILE IN MASTER MODE 4940 



i 

EXIT MASTER MODE AND FLUSH BUFFERS 4942 



4 

VERIFY AUTHENTICATION DATA 4944 



VERIFIED? 
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YES 


CONTINUE BOOT PROCESS 4990 



NO 



Fig. 38A 
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4900B 



THE PROCESSOR EXECUTES BIOS CODE INSTRUCTIONS FROM SMM SPACE 

4920 



ACCESSING THE SECURITY HARDWARE 4930 



OPTIONALLY ENTER BIOS MANAGEMENT MODE 4932 








REQUEST AUTHENTICATION FROM THE SECURITY HARDWARE USING 

MASTER MODE 4935B 


< 






PLACE BUS INTERFACE LOGICS IN MASTER MODE 4938 








RECEIVE AUTHENTICATION DATA WHILE IN MASTER MODE 4940 
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EXIT MASTER MODE AND FLUSH BUFFERS 4942 
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VERIFY AUTHENTICATION DATA 4944 
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5100A 



AUTHENTICATE A DEVICE, A COMPUTER SUBSYSTEM. OR A COMPUTER 
SYSTEM TO A COMPUTER SUBSYSTEM, A COMPUTER SYSTEM, OR A 
NETWORK SECURITY SYSTEM 5105 




SET A STARTING VALUE ON A TIMER IN RESPONSE TO SUCCESSFULLY 

AUTHENTICATING 5110 



UPDATE THE TIMER IN A PERIODIC FASHION 5115 



▼ 




YES 





CONTINUE NORMAL 
OPERATION OF THE DEVICE, 
THE COMPUTER SUBSYSTEM, 
OR THE COMPUTER SYSTEM 
5125 







RE-AUTHENTICATE THE DEVICE, 
THE COMPUTER SUBSYSTEM, 
OR THE COMPUTER SYSTEM TO 
THE COMPUTER SUBSYSTEM, 
THE COMPUTER SYSTEM, OR 
THE NETWORK SECURITY 
SYSTEM 5130 
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ESTABLISH NETWORK CONNECTION TO A NETWORK SECURITY 

SYSTEM 5104 



AUTHENTICATE A PORTABLE COMPUTER TO THE NETWORK 
SECURITY SYSTEM, SUCH AS DURING A BOOT PROCESS 5106 



5100B 



SET A STARTING VALUE ON A TIMER IN RESPONSE TO SUCCESSFULLY 

AUTHENTICATING 5110 



UPDATE THE TIMER IN A PERIODIC FASHION 5115 




YES 



CONTINUE NORMAL 
OPERATION OF THE 
PORTABLE COMPUTER 5126 



ATTEMPT TO ESTABLISH 
NETWORK CONNECTION TO THE 
NETWORK SECURITY SYSTEM 
5129 



RE-AUTHENTICATE THE 
PORTABLE COMPUTER TO THE 
NETWORK SECURITY SYSTEM 
5131 




SHUT DOWN THE PROTABLE 
COMPUTER AND REQUIRE 
AUTHENTICATION DURING THE 
BOOT PROCESS 5141 



Fig. 40B 
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5200 



THE PROCESSOR EXECUTES BIOS CODE INSTRUCTIONS FROM SMM SPACE 

5220 



ACCESSING THE SECURITY HARDWARE 5230 



— X 

OPTIONALLY ENTER BIOS MANAGEMENT MODE 5232 
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5235 
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SHUT DOWN UNTIL 
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5290 
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